On Mon, May 11, 2020 at 10:52:32AM -0400, Stumpy wrote: > On 2020-05-11 10:26, 'Ryan Tate' via qubes-users wrote: > > Saw the new f31 templateVM (thanks for that) and just curious how folks > > generally migrate to a new templateVM. > > > > I manually maintain this big text list of packages and just use that to > > manually update the fresh templateVM to what I need. There's typically > > also some non package installs, which I include basic pointers for > > (think downloaded rpms and so forth), as well as some outside repos to > > add (e.g. keybase). There's also typically some packages I forgot to put > > on the list, which I can usually suss out by going through the bash > > history for the old template, although often there's one or two that > > slip through the cracks, which I find out about eventually and it's not > > a huge deal. > > > > I'm particularly curious if anyone does anything more sophisticated than > > that, using salt or some other automated deploy system to prep new > > template images. > > > > Thanks for any tips! > > > > Ditto, would really be interested as well, I have a similar system but i am > sure there are better ways to do it. >
Salt it - if you get used to using salt, it's simple to use. If you want to install a package, don't open the template and install it there, edit the install.sls file to include the package, and run `qubesctl --skip-dom0 --targets=<template> state.apply install` That *should* install the package, and you have a record of what you've done. So our "big text file" becomes functional. You can also leverage salt to apply the same packages to Debian and Fedora templates - where names differ, you can apply packages by checking OS. And, of course, you can add/edit sources.files, insert gpg keys, copy in rpms/source, and your salt files will be a record of what you want. On a new system, or a new template, all you have to do is run the `install` state targeting the template(s) you want. Really, a great system, and I suspect sadly under used. I have full systems set up in salt to customise a new install as I want, with new templates and different setups. Sometimes it can be a bit shaky, and you *have* to check the logs, but it's great to run the full state, have a coffee, and come back to a fully configured system. For travel, I have a minimum state I can download and apply, to get a workable system with gpg, vpn, ssh set up out of the box. So cool. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200511151141.GB15472%40thirdeyesecurity.org.
